Details of VAR-202111-1204

ID

VAR-202111-1204

CVE

CVE-2021-33071

TITLE

Intel(R) oneAPI Rendering Toolkit Vulnerability regarding improper default permissions in

Trust: 0.8

sources: JVNDB: JVNDB-2021-015256

DESCRIPTION

Incorrect default permissions in the installer for the Intel(R) oneAPI Rendering Toolkit before version 2021.2 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel(R) oneAPI Rendering Toolkit There is a vulnerability in improper default permissions.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2021-33071 // JVNDB: JVNDB-2021-015256 // VULHUB: VHN-393085

AFFECTED PRODUCTS

vendor:	intel	model:	oneapi rendering toolkit	scope:	lt	version:	2021.2	Trust: 1.0
vendor:	インテル	model:	intel oneapi rendering toolkit	scope:	eq	version:	-	Trust: 0.8
vendor:	インテル	model:	intel oneapi rendering toolkit	scope:	eq	version:	2021.2	Trust: 0.8

sources: JVNDB: JVNDB-2021-015256 // NVD: CVE-2021-33071

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-33071
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-33071
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202111-963
value:	HIGH
Trust: 0.6
VULHUB:	VHN-393085
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-33071
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-393085
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-33071
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2021-33071
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-393085 // JVNDB: JVNDB-2021-015256 // CNNVD: CNNVD-202111-963 // NVD: CVE-2021-33071

PROBLEMTYPE DATA

problemtype:	CWE-276	Trust: 1.1
problemtype:	Inappropriate default permissions (CWE-276) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-393085 // JVNDB: JVNDB-2021-015256 // NVD: CVE-2021-33071

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202111-963

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202111-963

PATCH

title:	INTEL-SA-00564	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00564.html	Trust: 0.8
title:	Intel oneAPI Rendering Toolkit Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=170933	Trust: 0.6

sources: JVNDB: JVNDB-2021-015256 // CNNVD: CNNVD-202111-963

EXTERNAL IDS

db:	NVD	id:	CVE-2021-33071	Trust: 3.3
db:	JVN	id:	JVNVU91196719	Trust: 0.8
db:	JVNDB	id:	JVNDB-2021-015256	Trust: 0.8
db:	AUSCERT	id:	ESB-2021.3764	Trust: 0.6
db:	CS-HELP	id:	SB2021111011	Trust: 0.6
db:	CNNVD	id:	CNNVD-202111-963	Trust: 0.6
db:	VULHUB	id:	VHN-393085	Trust: 0.1

sources: VULHUB: VHN-393085 // JVNDB: JVNDB-2021-015256 // CNNVD: CNNVD-202111-963 // NVD: CVE-2021-33071

REFERENCES

url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00564.html	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-33071	Trust: 1.4
url:	https://jvn.jp/vu/jvnvu91196719/	Trust: 0.8
url:	https://www.cybersecurity-help.cz/vdb/sb2021111011	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.3764	Trust: 0.6

sources: VULHUB: VHN-393085 // JVNDB: JVNDB-2021-015256 // CNNVD: CNNVD-202111-963 // NVD: CVE-2021-33071

SOURCES

db:	VULHUB	id:	VHN-393085
db:	JVNDB	id:	JVNDB-2021-015256
db:	CNNVD	id:	CNNVD-202111-963
db:	NVD	id:	CVE-2021-33071

LAST UPDATE DATE

2024-08-14T12:06:04.992000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-393085	date:	2021-11-22T00:00:00
db:	JVNDB	id:	JVNDB-2021-015256	date:	2022-11-15T01:26:00
db:	CNNVD	id:	CNNVD-202111-963	date:	2021-11-23T00:00:00
db:	NVD	id:	CVE-2021-33071	date:	2021-11-22T18:31:34.120

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-393085	date:	2021-11-17T00:00:00
db:	JVNDB	id:	JVNDB-2021-015256	date:	2022-11-15T00:00:00
db:	CNNVD	id:	CNNVD-202111-963	date:	2021-11-10T00:00:00
db:	NVD	id:	CVE-2021-33071	date:	2021-11-17T20:15:09.977